WARNING

Breaking into someone else's computer or network without authorization is a criminal
offence prosecutable under Italian law (art. 615 ter of the Criminal Code);
therefore some of the procedures described in this book are to be considered as
being for educational/illustrative/informational purposes.

The reader releases the authors from any liability regarding the skills acquired.



"There are two kinds of sites: those that have been hacked and those that have yet
to be."


"A good security system is measured precisely by 'Nothing happens'."


Loris Simonetti 
Useful resources


Kali Linux 

o https://www.kali.org/downloads/ 

Metasploitable 

o https://information.rapid7.com/metasploit-framework.html 

Underdog 

o https://www.vulnhub.com/entry/kioptrix-level-13-4,25

Web 

o http://www.itsecgames.com/ 
o https://github.com/s4n7h0/xvwa
o https://hub.docker.com/r/hackerdon/bwapp
o https://hub.docker.com/r/hackerdon/wordpress
o https://hub.docker.com/r/hackerdon/xvwa
o https://hub.docker.com/r/hackerdon/heartbleed
o https://hub.docker.com/r/hackerdon/shellshock

Windows 

o https://github.com/sagishahar/lpeworkshop 
o https://softfamous.com/windows-xp-sp3-operating-system/ 

Bash for beginners

o https://linuxconfig.org/bash-scripting-tutorial-for-beginners 


Netcat 

o https://www.win.tue.nl/~aeb/linux/hh/netcat_tutorial.pdf 


Nmap 

o https://hackertarget.com/nmap-tutorial 

Passive Reconnaissance 

o https://tools.kali.org/information-gathering/theharvester 
o https://www.binarytides.com/google-hacking-tutorial/ 
o https://whois.com 

Active Reconnaissance 

o https://tools.kali.org/information-gathering/fierce 
o https://github.com/ElevenPaths/FOCA 
o https://tools.kali.org/web-applications/dirb 
o https://haveibeenpwned.com 

Security Vulnerabilities 

o https://www.stractconsult.com/wp-content/uploads/2016/10/Dirty-Cow-Vulnerability-in-Linux.pdf 
o https://www.netsparker.com/blog/web-security/cve-2014-6271-shellshock-bash-vulnerability-scan/ 
o http://heartbleed.com/ 

Vulnerability Scanning 

o https://tools.kali.org/web-applications/dirb 
o https://tools.kali.org/information-gathering/nikto 
o https://tools.kali.org/web-applications/wpscan 
o https://github.com/Arachni/arachni 
o https://www.tenable.com/products/nessus 

Metasploit, Meterpreter & MSFVenom

o https://www.offensive-security.com/metasploit-unleashed/

World Wide Web Overview

o https://adamdoupe.com 

SQL Injection 

o https://www.guru99.com/learn-sql-injection-with-practical-example.html 
o https://github.com/sqlmapproject/sqlmap 

Burpsuite 

o https://portswigger.net/burp/communitydownload 

Cross-site Scripting 

o https://excess-xss.com/ 

Other web attacks

o https://www.hacksplaining.com/ 

o https://www.hackingarticles.in/beginner-guide-file-inclusion-attack-lfirfi/ 
o https://www.hackingarticles.in/beginner-guide-html-injection/ 
o https://portswigger.net/web-security/os-command-injection 
o https://www.veracode.com/security/csrf 

o https://www.tutorialspoint.com/security_testing/insecure_direct_object_reference 

Buffer Overflow 

o https://www.exploit-db.com/docs/english/28475-linux-stack-based-buffer-overflows.pdf 

Denial of Service

o https://www.guru99.com/ultimate-guide-to-dos-attacks.html

o https://bit.ly/2XG5tme 

Password Cracking 

o https://www.openwall.com/john/doc/EXAMPLES.shtml 
o https://resources.infosecinstitute.com/hashcat-tutorial-beginners/ 

Linux Privilege Escalation 

o https://www.vulnhub.com/entry/kioptrix-level-13-4,25/

Windows Privilege Escalation 

o https://github.com/sagishahar/lpeworkshop 

The course is over, now what do I do?
o Free

■ www.hackthebox.eu 

■ www.vulnhub.com 
o Paid

■ www.pentesterlab.com 

■ www.elearnsecurity.com 
o Certifications

■ https://www.offensive-security.com/information-security-certifications/oscp-offensive-security-certified-professional/

■ www.virtualhackinglabs.com 

■ https://certification.comptia.org/certifications/security 